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1. This international preliminary examination report has been prepared by this International Preliminary Examining Authority 
and is transmitted to the applicant according to Article 36. 



This REPORT consists of a total of 



. sheets, including this cover sheet. 



I I This report is also accompanied by ANNEXES, i.e., sheets of the description, claims and/or drawings which have 
' — ' been amended and are the basis for this report and/or sheets containing rectifications made before this Authority (see 
Rule 70. 16 and Section 607 of the Administrative Instructions under the PCT). 



These annexes consist of a total of 



sheets. 
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Certain observations on the international application 
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INTERNATIONAL PRELIMINARY EXAMINATION REPORT 



International application No. 

PCT/JP99/05353 



I. Basis of the report 



1. With regard to the elements of the international application:* 
the international application as originally filed 

the description: 

pages 

pages ^ 

pages 



□ 



, as originally filed 

, filed with the demand 



, filed with the letter of 



□ 



the claims: 

pages 

pages 

pages 

pages 



, as originally filed 

, as amended (together with any statement under Article 19 

, filed with the demand 



, filed with the letter of 



□ 



the drawings: 

pages 

pages 

pages 



, as originally filed 

, filed with the demand 



filed with the letter of 



I I the sequence listing part of the description: 

pages 

pages 

pages 



, as originally filed 



filed with the demand 



filed with the letter of 



2. With regard to the language, all the elements marked above were available or fumished to this Authority in the language in which 
the international application was filed, unless otherwise indicated under this item. 

Thes e elements were available or fumished to this Authority in the following language which is* 

□ 

the language of a translation fumished for the purposes of intemational search (under Rule 23.1(b)) 

□ the language of publication of the intemational application (under Rule 48.3(b)). 

the language of the translation fumished for the purposes of intemational preliminary examination (under Rule 55.2 and/ 
or 55.3). 

3. With regard to any nucleotide and/or amino acid sequence disclosed in the intemational application, the intemational 
preliminary examination was carried out on the basis of the sequence listing: 

□ 
□ 
□ 
□ 
□ 

□ 

4. n 



contained in the intemational application in written form, 
filed together with the intemational application in computer readable form, 
furnished subsequently to this Authority in written form, 
fumished subsequently to this Authority in computer readable form. 

The statement that the subsequently fumished written sequence listing does not go beyond the disclosure in the 
intemational application as filed has been fumished. 

The statement that the information recorded in computer readable form is identical to the written sequence listing has 
been furnished. 

The amendments have resulted in the cancellation of: 

I I the description, pages 

I I the claims, Nos. 

I I the drawings, sheets/fig 



2 I I This report has been established as if (some of) the amendments had not been made, since they have been considered to go 
' — ' beyond the disclosure as filed, as indicated in the Supplemental Box (Rule 70.2(c)).** 

* Replacement sheets which have been furnished to the receiving Office in response to an invitation under Article 14 are referred to 
in this report as "originally filed" and are not annexed to this report since they do not contain amendments (Rule 70. J 6 

and 70. J 7). 

** Any replacement sheet containing such amendments must be referred to under item 1 and annexed to this report. 
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V. Reasoned statement under Article 35(2) with regard to novelty, inventive step or industrial applicability; 
citations and explanations supporting such statement 



1. Statement 

Novelty (N) 

Inventive step (IS) 

Industrial applicability (lA) 



Claims 
Claims 

Claims 
Claims 

Claims 
Claims 



3,5,8,9 



1,2,4,6,7 



1-9 



1-9 



YES 
NO 

YES 
NO 

YES 
NO 



2. Citations and explanations 



Claims 1 and 2 

Document 1 [Bruce Schneier, Applied Cryptography (Second Edition), John Wiley & Sons, Inc. 
ed. (1996), "3.7 Secret Sharing," pp. 71-73] describes a decentralized secret sharing method, 
wherein secret information is decentralized and shared and the secret information can be restored 
by bringing together decentralized secrets there-among which have a value at least as large as a 
prescribed threshold value. It is obvious that identical processing results are obtained when data 
is processed using said secret information as when data is processed using the information 
obtained by bringing together those decentralized secrets having a value at least as large as the 
aforementioned prescribed threshold value. 

Claims 4, 6, and 7 

Document 2 [JP, 10-282881, A (Nippon Telegraph and Telephone Corp.), 23 October 1998 
(23.10.98), foil text. Figs. 1 to 7] describes the idea of using Shamir's polynomial interpolation 
to decentralize the secret key of a published key encoding technology into a plurality of parts, 
registering the same, and using the decentralized information that corresponds to a 
decentralization threshold value to conduct the data processing when data processing requires the 
secret key to be restored. The constituent features are the same as the constituent features of the 
inventions described in claims 4, 6, and 7. 

Claims 3, 5, 8, and 9 

Document 3 [JP, 3-76447, A (Sharp Corp.), 2 April 1991 (02.04.91), page 3, lower right column, 
lines 1 to 6; page 3, lower right column, line 13 to page 4, upper left column, line 4; page 4, 
upper right column, lines 7 to 18; Figs. 1 to 5] describes a technology for securing the secrecy of 
communications by changing the setting value of the encoding key for each communication. 

Document 4 [Kazuo Takaragi, et al., "Sosetsu Shou Tokushuu 'Card' Card Shakai to Security 
Gijutsu," Nippon Insatsu Gakkaishi, Vol. 29, No. 3, (No. 113) (31.05.92) pp.288-295] suggests 
the technical viewpoint that it is feasible to have an unlawful-act prevention technology 
comprising an IC card, wherein the IC card is connected to a reader/writer, the data flowing 
there-between is acquired, and a card having identical response is made. 

Document 5 [Yuichi Kaji, et al,, "Password Jizen Sengen ni yoru Kojin Ninshouhou; Jiki Card 
wo Mochiita Anzenna Kojin Ninshouhou," Technical Research Report of the Institute of 
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Supplemental Box 

(To be used when the space in any of the preceding boxes is not sufficient) 



Continuation of Box V (Citations and explanations): 

Electronics, Information, and Communication Engineers (ISEC95-39-44), Vol. 95, No. 423 
(15.12.95), pp. 21-28] describes a personal identification processing system comprising a card 
that uses a secret decentralization/sharing technique, the system serving as a safe method for 
networks. 



The technologies described in each of these documents relate to providing protection from 
unlawful acts committed by persons with malicious intent. It would have been obvious to one 
skilled in the art to focus on the technical viewpoint described in document 4 and use the card 
system described in document 5 in the technology that results when the technology for changing 
the encoding key setting value described in document 3 is applied to the technologies described 
in documents 1 and 2. 
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VI. Certain documents cited 



I. Certain published documents (Rule 70.10) 



Application No. 
Patent No. 



Publication date 
(day/m onth/year) 



Filing date 
(day /month/year) 



JP,11-316542,A 16 November 1999(16.11.1999) 04 March 1999(04.03.1999) 
[E,X] 



Priority date (valid claim) 
(day/month/year) 



05 March 1998 (05.03.1998) 



2. Non-written disclosures (Rule 70.9) 

Date of written disclosure 

Kind of non-written disclosure Date of non-written disclosure referring to non-written disclosure 

(day/month/year) (day/month/year) 
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□ CH and L I x-r x^cf >; t^^yv^^^-o 

Switzerland and Liechtenstein 
t3C N China 

□ C U Cuba 

□ C Z f-x-y^ Czech Republic 

DD E K-Y V Germany 

ODK -fV-^--? Denmark 

QEE iXh — 7 Estonia 

□ E S X^-f > Spain 

QF I 7-< >7 > K Finland 

OG B United Kingdom 

CDG E ^;l'i/7 Georgia 

QG H Cliana V. 

□ H U ^^V-rS'} - Hungary. ; 

CHI L >< X -7 xyU Israel 

O I S t-fX^VK Iceland" 

CEl J P B3i: Japan 

□ K E ^-7 Kenya 

□ K G Kyrgyzstan 

C3K R f?@ Republic of Korea 

□ K Z 751f7X^'> Kazakstan 

□ LC -tr>hyl^->7 Saint Lucia 

□ L K 7 • 7 >^ Sri Unka 

□ L R 'J^'; 7 Liberia 

□ L S UV h Lesotho 

□ LT h 7 — 7 Lithuania 

□ L U ;U7 -tr >'7';U^ Luxenbourg 

□ L V 7 h7'-< 7 Latvia 

□ MD -t;UK':^t Republic of Moldova 

OM G -^^tST.ti}^ Madagascar 

□ M K K— 7ia^- 7 The former Yugoslav Republic 

of Uacedonia 



□ MN 

□ MW 

□ MX 
a N 0 
C3 N 

□ P 
□ 
□ 

a RU 

□ SD 



Z 
. L 
PT 
RO 



S E 
S G 



S I 
SK 



□ 
EE) 
□ 
□ 

□ S L 

□ T J 

□ TM 
a TR 

□ TT 

□ U A 

□ UG 
[3 U S 



•€->zfyU Mongolia 

-7v7^* Malavfi 

;>'^->r Mexico 

J — Norway 

JLj.— * y—^ y K New Zealand 

-7 > K Poland 

:i?>rU h;^7Vb Portugal 

yU— -7jl7 Romania 

a->72S?6 Russian Federation 

y^.— '^'y Sudan 

:x.—Ty Sweden 
•> > 75';tJ — Singa pore 

;^ or/i — 7 Slovenia 

;^a*^7 4='7 Slovakia 

vi-^U^-t-' Sierra Leone 

9 'J^T.^ y Tajikistan 

YJ\/'7/-^'^9y Turkmenistan 

h^Un Turkey , 

Y K* h^<Z3' Trinidad and Tobago, 

^ '7 ^ 'i i' Ukraine , 

^ytfy^ Uganda 

^!t|S United States of America 



r— I U Z 7XK4-;^^> Uzbekistan 

Q V N T'-f X h^A Viet Nan 

J— , Y U If;; -7 t"7 Yugoslavia, 

Q ZW ':>>/<yx Zimbabwe 



□ ■ 

□ • 

a- 
a- 
a- 

□■ 



i^^PXTy RO/M 0 1 (^2.^5a) ( 1 9 98 ^.7^) 



(a. ^. ^) 



(I) 



(2) 



<3) 



>u^tntf^^'g>^xt,^ (jtflfiij4! 10(b) ( i i ) ) o itse^a^^flgp 



(ISA) (DM^ 



I S A/ J P 



m^m 

S^^ 4 ^ 

m^cots.^ 3 ^ 

m^^m ; • ' 1 ^ 

Sffi - • 12 

^ n S 0 ^ 

ffl « ^ 



1. SBSiiigsi LraasnfcaaonKsogacDB 



f ff ifi A 



3. mmt^^mt Lx*Aii^^nfi^$^^m^-r^^^xnmmX'^r,x 



4. ^t^\a>ti^.^m \ \^.c2)\zmr$<'j;!,?ium^<Dm?^^^^m(Da 



5, ajfitiA<i:o^?.^$n/c 



I S A/ J P 



USaS^:^ L^-iilft LT t ^^^^ t > 



2. 



« 



15 A ffl 



tt^-j' C T.^ RO/ ! 0 1 (RSSSaS) ( ! 9 9 S 7.^) 




<ecut/L/ 



\zti-Y\t, ^©=f^it±. ^^r^n^ ^mmim^h-m^tnzti - \^ ^ 

te^^ r? /c^fi (secure cryptographic device i !/ ^ ) ^tt" ^ if /cT^X 

-r ^m^^rS^ ^device i5>)5?t/T^^ C ifCck ^T, L J; 9 i 

•f^TACTiming Attack), DPA(Differential Power Analysis), SPA(Simple 
Power Analysis)7^j: "jHg14;^-«.^iS$n^ ct ^ C t^J: o T t ^ ^ o 




2 



let! - Kfr-::>l,^T(i, 
5 3tE [Handbook] Rankl Effing, "Smart Card Handbook", John Wi ley & Sons. 
1997 

secure cryptographic devicetC O t ^T (i, 
3tMC IS013491] IS013491-1 "Banking - Secure cryptographic devices 
10 (retail) - Part 1: Concepts, requirements and evaluation methods", 
First edition 1998-06-15 

(I §fl ^ $ n T C > ^ o 

^f;, TA(Timing Attack), DPA(Dif f erential Power Analysis), 
SPACSimple Power Analysis) T'j: ci:"® T jJ' -y (C o I ^ T , me^XM 
15 [ Handbook jOftfe, 

3til^[DPA] Paul Kocher, Joshua Jaffe and Benjamin Jun, "Introduction 
to Differential Power Analysis and Related Attacks", 1998 
••• 'XMiTh] Paul Kocher, "Timing Attacks on Implementations of Dif- 
fie-Hellman, RSA, DSS, and Other Systems", CRYPTO* 96, 1996 
20 izm^^HTl^^o 

RSABf^O'^^Yb^tg^ ^iOlCTly - K-^OTiming Attack \Zt^-ti>1i^ 
25 M^t<7j^^tiXl^^ o Timing Attack ^H^rt" ^ <!: ^j: 



3 



-^^m\t, ±.l^Um\Z.^^Xfl-^rifzh(D1:hK), \(:ti-Vmo:> se- 
cure cryptographic devicep^ ® tff fiz ^ fi^ T # U^-^ t-"?" h ^^k, 



^ TACTiming Attack), DPACDif f erential Power Analysis), 
SPACSimple Power Analysis)^©:^^-^^^3c!; "T ^ ^IS. ^W^mm 

15 ^mi^^y-:^, '>X7^A, rr>b°n.-^, 7° a iJ''" ^ A ^ H #t 

±ieg W^S^-r zll^MS!l]S§c!:K1«ll]lS§ 

9 c i i -r ^ o T- ^ ^ o 




5 



10 



-9''^£t>'^, IC7!7— secure cryptographic device C 




4 



10 (Dm.^^t^'d:t<m'^h^, rii^®^-®itfE^^it^p^i UT^f ^u. -tie 

L T lif ® 1f IS ^ ^ © ^> ® ^ # ^ - i S It C /j: ^ o $ 



b 



5^ ;^ T le 1« S B 1^ {I $ n fj f £ liJ ®^ (I -r ^ tf A ( i s fj: ;z, 1t 



6 



5 T^^o 

M s iis m ® s # 1R'J ^ ft ( i . ± f £ $K> ^ 'It ^ t* fg M a ^ 15 i ± 15 m m 

15 

msilli, ^ 1 E1©IC:^- K^t^©^ -^tf Rfflf.^Bt^m-^yD ^^^''^ A® 

20 7°n A©:7 a-T*) ^9 . H 5 0 — ^Mi^'J tj" ^ IC^ - 

K^^EIT*«9, ^6EI{i, 1^ 5 IHOIC:^- Kl#^® 9 t>T--7*;^f'- 
i'tt»:7°a A® 7 □ -Tfe ^9 . ^im^t, II 5 glOIC^- KIS^© 




7 



• m 1 ©IIJS^'J 

5 Rffil.taf — flT^ ^ Elliptic Curve Encryption 

Scheme (ECES) ©^-§--fb1^tg^^t o IC^ - Kfriiffl U /c — ^Mi?"]^. 
Ji^T, ^ ^ffl O^TlJfiP^'g" -i) o Elliptic Curve Encryption Scheme (ro(,> 

10 ^ 3tM[X9.63] "Working Draft: AMERICAN NATIONAL STANDARD X9. 63-199x 
Public Key Cryptography For The Financial Services Industry: Key 
Agreement and Key Transport Using Elliptic Curve Cryptography", 
American National Standards Institute, January 9, 1999 
3tM[ IEEEP1363] "Standard Specifications For Public Key 

15 Cryptography (Draft Version 9)" IEEE P1363 Standard, IEEE, Febrary 
8. 1999 

ic^-KiooKi. c?m'cmji^ti>mn-iiikm^m2, iBitmit^c^ ^ u ) 

X[l]S§Tlt^1-^ I/O1006. tl'^^^i^M^^I^^PT^^f 
25 X 1003 c!: ;6>^>7'd:^o 

7°a A^§|rt^lO05fr(i, sIS^^t'd AlOlOi, mRffl^flf 




8 



10 x^-r > hPoiiZi^n, nx h;6-jfjietf Rfiil^±®^s.#:©^ias^ u < j^j: 

^S^jnCC i (i. iE-S^i^d^® ^®;{)•<•f'-i5'^§^rt^^^'(*#^nT(,^a^{tT 
fBT^^Iii®'^^SU^tfffBd,1007i^ii^®^^3^tf fgdslOOSCMtlcfc . 

^ ft f R ^ ^ 1t fB ^ S ^ S C * B ^ -r ^ ffi R ffi ^ « ^ □ iJ'"" ^ A 1 0 1 1 ( i . 
20 C n i^^IE U < MST# ^ ct 9 f^li^^ tlTl^^o d,1007idBl008®m 
^^t>'±\tm.^h^ , ^'Jx.(i', d,1007©iil^lii^lld^© fc®®^t i U, 
dBl008©1ii^0(-tr"a ) C CDd,1007 idBl008OM(i, IkJSrlidoa 

IE® — -^iJ i ^^.i: t/c. d,1007®'(I^0(-t?"a)c!: U, dBlOOS©^^ n - d 
(mod n) t-ttl\t, ZtlhMimm:d(Dmt^t\tm^li^'^%(D-mtfl^o 




9 



jI^A^b^-^-^-^-:/ a iJ'-- 5 lOi2Tm-l--r 5 Jf6 {Cik:^^ ch ni: ^ m-^ffl 

^m.^ya^"^i.mi(DiBt!t UT?# t>n7tm-^ji^ii«i:fo c}:o'IC7!7- 
K1001®n^^. m^^t^tlfzji y -i- - i^m 1015 t [.Xltitii- 6 a r 
■7 A T ^ ^ o 

20 ^- KlOOlitf fg®i^ «9lX«:)7i>'<T#^^1-^®^tt. .^iJ^li'. ICtj - KlOOl 
25 IC:^- KlOOl^lSo /cBf ©Bi-^<b$n/cy -y -i? - vmlOH^m-fr ^> 



1 0 



^m-i-u. m^-fb^n/c^ -t- -i^^m' lois^ UT{±!;tfi-^o 

® T, TA( Timing Attack), DPA (Differential Power Analysis). SPA (Simple 
Power Analysis)^ ct o T%2-^li® It^ft^-T ^ - i *-<fflii (I o T 

jK^-S^^^'fi ISdBl008©m*-^"@^^ tlTC^^o U/c;<)<oT, m-f-^^to 

t" — ^^§irt^ioo4*^ <a>/<x 1003^^0 LTiii^Ma$iiioo2{r^[p]Bftn ^ c 
20 -9 c i /j: ;5 i6 . c ora^oit^Bf fs^-^^^-r ^m?^?^®3^^^^^s 

m»ft^ IrI l;C<£ ^ o C®C iiiTAdiming Attack), DPA(Differential 
Power Analysis), SPA(Siinple Power Analysis)^^! J: TliJ^^^53-1t 

25 D AlOlO^^-iJffi-r ^ o 



1 1 

^m'^ioo4t^ <i^^■xloo3^^^^ UTzii»i^Ji^ioo2-\fi?tn^ r^-^ , mra 

TACTiming Attack), DPA(Dif f erential Power Analysis), SPACSimple 
15 Power Analysis)^ fC J; ^ M-S^MOIS^M^ ^ $ Sil 1" ^ C <!: 

a?E^^7°o i^-^ AlOlOli, =rf nfflii^0t-tm^7°n i?--'^ A1011;6-^-|I^T 

lit /cffiRffi^Bf ^^-t7°p i^-^ Ai011©^=fTct 5 >VJ^ 

fi^^ I y ^'^^m'n^tix ^ X^^o ^SRffl^^at#m-^7°o Aioiin 

^^^TAdiming Attack)^ DPA(Diff erential Power Analysis)-\ © 
H 2 mi il{I:}bMj- aa?l^j^7"a i?-^ A1010CD7 a-^^-To 



1 2 



y^T- -J 7°2001 : li bfe 

X 7^ «y 7° 2 0 0 3 : - ^§ Irt 1 0 0 4 /{)^ ® M 1t ?g d , 1 0 0 7 J; liJ ^ 
H S P ^ tt d B 1 0 0 8 ^ <^ iA t,- 

5 Xt^ -y 7°2004 : d,' = d, f k (mod n) fcckc; dg' = dg + k (mod n) ^ 

T.'r -J 7°2005 : d/ JiO'dn' ^ ^ ^"tl x - ^ ^ 1 004 © ® M-SC 
53^1t?Ed,l007fe J:a'¥-iSli§P^tf IBdBl008;6<ff/-:)>nTC^/c i C v5C»# 

10 X 7^ -y 7°2006 : fc^ ^ 

m 3 llti, mi ^tf Rffi^Bf-^^-^T^a i^-^ AlOll©^ n- 

X 7^ -y 7°300i : i;a6 

XT- -y 7°3002 : Q = 0 ( PI it ) c!: "T ^ 
15 X7^-y7°3003: IC^- K 1 001 ©^f Si3;0^ t> ^^ffi .^.R1013<& iA 

>y 7°3004 : f-'-^^SIftSP1004;i)^ '$>M'SMaJ^^tf fSd.lOOTfc J: C>'IE>S 
^^^itlBdBlOOB^M^iAir 

Xt^ «y 7°3005 : i = |n| ct f a ( i n | (iK- X -f > hPcDlit^nCD f -y h 

20 -y 7°3006 : (d.lOOTcD^i f^y h @, delOOS® t" >y H g ) = (1, 0) 

4- 1^X7^ -y 7°3008'x(C: C T^i f -y h g i (i , ST'fit'-y h 1 f -y 

XT- >y 7°3007 : (d,1007©mi -y h @, dgl 008® H i f -y H g ) = (0, 1) 
'^X-r-y 7°3010'\. ^ 9 TT'jItj-nii'X >y 7°3009-\(C C THi f -y h 
25 gc!:{i, STIi f -y K 1 ti" -y H @ (t L. ±'^i^:CfS]7i^9 (3 i'^^ < ''X 



1 3 

Xt^ -y 7°3008 :Q = Q i R iUTX7^-y -fZOlQ^iZ ZV i istf Rlffl^^ 

7°3009 :Q = Q - R <^:LTX7^'y 7^30 10-^ (C C r - (ilf Rffll^ 

5 y •7°3010 : i = i - 1 if ^ 

^■r -y 7°3011 : i > 0 ^1 ^ Q = 2Q <i: LTXt^ -y 7°3006^(C T 2Q (s: 

-y ^3012 : Q(Dx^mxQ^m^m^mmt Lxmiii-^ 

Xt^ -y ^3013 : i6t>>0 
10 JiiS:^7^ -y 7°3009{r:fetj- ^^tRffi^±®.'^,©;!jn'^, X -y ^3010 

(Cfcij-^tf nffl;!'^^©.^;©^*, fcJ:(:>*. Xt^ -y 7°3012tr ^tf Rffi 
^.^-LO.-^:® 2 j§»:©|^Jffl}rol^T(i, 3tffi^[IEEEP1363]{ll^ U < iZE-i "in 

15 ^9-1tlSd,l007fc J:C/li:>^^li^^'if fSd3lO08;6<^n^'n d, = d, dg = 0 <i: 

(d,1007©^i f -y h@. dBl008®^i e-y h S ) = (1, 0)^fcii(0. Di: 
20 fl^ Jid ^lif y h(Dm.t-<M^'>^^l< •^l6U^tt^^Xl^^m^\t, WR 

iS/j: addition-subtraction chain ^ R © X ^ ^ — 

zox^i:^. mm^md(D^'^<Dm^My3-}^^^i'^^^ ^ z tit, 

/J:^g^:^•^^^^o^5^l:^T^g»1-^ c i^«5^ UTt^^o ,^$^0^(c. 



1 4 

addition-subtraction chain^t^ o /cffi R Zll^;5"-fS(CO t^T 

5 ii . 

3tiic[ADD-SUB] F. Morain and J. Olivas "Speeding up the computations 
on an elliptic curve using addition-subtraction chains" Theoretical 
Informatics and Applications vol. 24, no. 6, 1990 

H ?!£ ^ o 

-r^^tS fg^ t> U/cC iJCliAi: i^nki^o -rni:^-^. liJ^MC -f-^ ^ 1f IS 
m-t ^^n(y^ — ^i)^-MtifzZ tiZli:^^fl 'h^l^^i}-<, ^^^MIZ U/c/i)^-pT, 

mmiz-r^^mn^ti^^xiifi < , ^n<&a-r^^g?sc ox^it 

25 ■r-:57^#|irt$|3 1004{I'(*1?$nTO^^f'-r5'Tfe^d,i:dB®m©9 ^ 





1 5 



h<Dizmvxit. tff ^ u T I ^ I ^ c i (c ^ o 

^^Do TC^^ <!: UT t>. deOlt --f^d, ctdgCMT i:"® =fc 9 Cd^St"/&^^^n 
(I J; oTi^JfUiE UTl^^CDT, ISJ^ , ^ij ® c it ^ dg© 

XT" >y ^4001 : 1^26 
15 :^T-'y :7°4002 : ^-^"^ ^illicfc J: O'eg-t^b ^ tl ^^c ^ >v -fr- >?ml014^A 

7.7- y ^4003 : ^^ffi^iiiici, m^it-^tlfz/ y "k- 'JM\A(D f 
hfiL^, ' key derivation function' ^OXtSti^, ^titX^X, fi: $ 
20 L(D-7 7. ^ o Z.Z.X, 'key derivation function' ct(i, ^"f" 

.ffl#aiicil±l;^$ti-5^x^^iJ0ft$L^A;bch LTf&^-ri>i,5$L 

1012© — pBi UT^^^^lTt^^ ^® i-1"^o 'key derivation func- 
tion' ©piffl{coc>T(i, 35:m[X9. esjca!-^ ^>nTC^^ 

25 Xt^ -y 9^4004 : Bf-^^fk^tl/c^ <y -Ir - >^inl014 i X ^ ?lJM©S^fiilB^lTOa 
?D (m' XOR M) ^ft^U. ^Sm^^-^-fk $ ^ -y -i? - vm' 1015 i UT 



1 6 



\Zti- K1001®^'1>SiIC!±l;tJ-r ^ 

Xt^ 7^4005 : fc^O '9 

ifmmm^^i6\.^X{t, RffintBt^O-fiT^^ Elliptic curve 
Encryption Scheme (ECES) © m^^k^fg^Jt o /cICt^ - K ilffi U /c i^iJ 

Elliptic Curve Encryption Scheme (ECES) 
Elliptic Curve Augmented Encryption Scheme (ECAES) (D'^mtfM^^ 

t)-^iiOt)-^'^^^'t^^Mi)^1]Wf^^o Elliptic Curve Augmented Encryp- 
tion Scheme (ECAES) {roi>TcDpJffl{i. :5:m[X9. esKcizE^ ^.tiTi^^o 

(i. iS:; y2 = + a X + b ^ n/c>ff R ffl ^S<£-^'Jffl U T l^fc7i)<, C 

-^'Jx-li' b y2 = + a x^ + b X n/c1f Rffi^^^'J 

20 m^it, mmwommm, mwF^^'^±(Dm^mm, cabffl^,s± 



1 7 

T ^ U T :fe # . R ffi 1^ Bf -i-m-^- 7° a ^ X. 101 UC +i ^ -r ^ 7° o ^ A 

RSABf • Sig (COl^T{i, 

[APPLIED] Bruce Schneier, "Applied Cryptography", John Wiley & 
Sons, Inc, 1996 
15 }C|3^$nT0^^o 

(i'lH l^^tfc^J^o. IC;^- KJii^l-® secure cryptographic device 
^, ^2gj*5^ >v 7°^, PC^ -7 - i> Xt^- >^ 3 >}C?^ UT ^iiSffl^tgT^ 

20 

• ^ 2 ©^M^iJ 

m 1 <7)^^£{?"J^cfcC^T. Rffif.tBt-tm-t7°o:i7^"5 AlOll^/^© J;^ 
C^?^ UTt> J:l^o 

fcl^T(i, ^1 ®^5fi^iJ{Cfe{j-^tf Rffl,1^Bt^m^7"a^-5 AlOlUrl^ 
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^-r^7°D^"^A{i, ?)^02-O07°D^-5A. -r-yyUT-'-^lt^yn 
r 5 A5001. X- y;U#Beiy;ff P9ffl^S0t-^m-^7°n A5002;6^ t^nir^o 

x-yyUr'-^ lt^7°n A5001{i. IC^- K1001®:S^^/^^ -^-^ 
^§ ^Bl 004 I^T ® 7^ - y ;U - ^ 5003^ « ^ iA tr 7° D i?-' ^ A T ^ ^ o 

-tuio'^^mmmioif ^mm-m^^mmdjooi twmm^\i^mmd,ioos. 

TA(Timing Attack). DPA(Dif f erential Power Analysis), SPA(Simple 
Power Analysis)ni: tlZj: ^ i$C^$tlT hWmmdiZmT ^ f - ^ t^Mtl 

dgioosi. 7^-y;i/T-'-^it»ya A50oncch xnn-^ntzy^- 
memit, iurfctj-^T^-^'yuT^-rj^it^yo^-^ a5ooi©7 

XT- -y 7°6001 : it 1:^6 

X7^'y7°6002: IC^- V\m(D^\-^t)-^^'iS.^m:^MU^%%^'^ts 
25 Xt^ -V 7°6003 : mRffl^t±®.^?, 3R, 2R, R, -R. -2R, -3R^tt»-r^ 
Xt^ 7°6004 : -r- yyUr'- ^ 5003^. 
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T[00][00]= 






T[00][01]= 


-R. 




T[00][10]= 


-2R. 




T[00][11]= 


-3R. 


5 


T[01][00]= 


R. 




T[01][01]= 






T[01][10]= 


-R. 




T[01][ll]= 


-2R. 




TC10][00]= 


2R. 


10 


T[10][01]= 


R. 




T[10][10]= 






T[10][ll]= 


-R, 




T[11][00]= 


3R. 




T[ll][01]= 


2R. 


15 


T[li][10]= 


R. 




T[11]C11]= 





. Xf-y ^6005 : fc^ ^ 

20 A5002©7 a -'^^"To 
Xi^y 7°7001 : (i l^fe 
XT-y 7^7002 : Q = Oim^^.^J ^ 

X-r -y yyOOS : ICti- IQOKDH^^^ 'hU^ m .'^M0\Z^m^i2<iS 
Xf-y 7°7004 : t'- ^ ^^,1^$^5 1004/{)^ liJS'^^^Mf fSd,1007fc J; 0'lii<^ 
25 M^^lffgdelOOS^fl^iAt; 

X^ y ^1005 : \n\^)<W^tI i=|n|, | n i ;{)^' ^ ^ i=|n|H tt 



2 0 



X7"-y7°7006: x - ^'rt ^ 1004 't' © x - -^'yl/ f'- ^ 5003^ #.Be U ,. S = 
T[d,1007®mit:"-y Kg, d,1007O^(i-l) f -y H g ] [dglOOS® ^ i f -y h 
g, dBl008©ll(i-l) f -y h g ] i f ^ ■( - T^i f -y h g ^ is:. ftTIi 
5 f>y 1 t" y h g <i: U, ±& (' fS] 9 {5 i';^ t < ''j: ^ J: 9 6 

if ^ ) 

■ Xf- -y 7°7007 : Q = Q f S ^ff^-T ^ (C CI T + ^ff R ft Jf^-h® ® 

XT" -y 7°7008 : i = i - 2 il"^ 
10 X 7" -y 7°7009 : i > 0 Q = 4Q <!: L T X 7" -y 7°7006-\ ( C C T 4Q 

Iff Rlfflf.S±® ,^.Q© 2 2 lUI^ ^ il-rc ck o Ta}^2s6 ^ C tt<-Q 

XT" -y 7°7010 : Q®xM^xQ^m-^ffl#^iiiii LTm:^J-r ^ 
X-r -y 7^7011 : 

15 T^ifc. Jiiexf" -y 7°7007fI*Jlj- ^'TtPaffiiaJi^-^.OJO^, fcctC>', X -r -y 
7"7009fCfc{j- ^If Fqffll'Si®.^?^© 2 >^g^©f¥lfflfCOl^T{i. 3tM 
[IEEEP1363]}ri¥ U < iE'^ •^nrt/^So 

:$:^5i^?'J^C*,H^T{i. I2>®^^:9^1f fg©ili^1" ^ 2 f -y h-T-^C^^U 
TiUff^^To cni(iS7:i:>5^J9:5-T ^5c);i/^o ■^'Jx.(i', iii^-T^ 

20 3 f-y UTill»:^^fo T ^3 ckl^ L, — IS:CiSSt-r ^tf -y h 1"' 

0<£-^m UT ct l/^o* -5 CMi. HC^tC j f -y Mini:n/C( |n|/j)j[i© f 'y 

25 :$:^Mi?'J{'fct/^T ti, dR ^ Jjcfe ^ 4^ d , d i # ©jil (iiitl 0 ^o 



2 1 

amwti^ d ^CDh(D(Dm>iHtitiULrii ti ^„ U^C7i>-« o TTACTiming 
Attack). DPACDifferential Power Analysis) J'j: ilC J: ^9 i: T , 

4^^SSi?'J^:::^ot,^Tii, ^IR ffin^fif^© — flT^ ^ Elliptic Curve 
5 Encryption Scheme (ECES) © ^^Yk-^ ^It o /cIC^ - K (C ilffi L /c l^ij 

-^{Cti, r- - y )\y'r - :^ t\'M--:f' a ^ I^^Q{)\^%mm'ri-t ^ 'Sl^-m^tfi < . 
10 — S/cfj-H^Tf titi cfc t^/ii6, m^(D^mt<m'M\z%'n'^^tfi^—M 

J£i?iJ®J^'^Ta-;t (i'lC^ - K1001)©^1^^T^T-P C <i: nJtgT ^ ^ o d ® 
J: -5 ncMa^^t?^gCDi?'J i: LT(i. '^iJ;t(i'. R ffll.$Bt^}i {j- ^ H 
^^MS^^T9 IC^ - K76-^"#{f 'itiao C®^-^. ai£j[c!: UT^^ L/C 

20 • ^ 3 ©^JS^iJ 

mV^^'i^±.(0 ^Atm^ 2 ?^7i;affineMtl^ffll^T. J: L^'yJl1i 
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V [IEEEP1363]{r projective coordinate cr U T "c* tl T 0 ^ o 2 i^jc 
aff inejiEtK- cfc -5 i projective coordinate (C J: ^ S?! i ® Fh^ © 

5 [ 2 /S^^Ttaff ineJ^^l;{)^ projective coordinate 'n. ] (x, y) -> [x, y. 1] 
[ projective coordinate <^ 2 '^jbaffine^M^ ] [X,Y, Z] -> 
(X/Z2, Y/Z3) 

Z ZH'Q.si-t^^VH, projective coordinate J: -5 (i , (r) U 

.^?.^a-9-a?S{i — ii ^9 "c ii/dic^i 1^-3 - iT^ -So -t^Jii^^. t^ 0 < t 

10 < p (p itnp^mit^(D'^m^ti^mmw(DiiLmtf^^WLtir^t, 

[X, Y. ZJc^r.-SLt^ X, t^ Y, t Z](j:. ^ tCll] b (X/Z^, Y/Z^^ S L T C ^ ^ o 

i^:^^-}^tLX, Z(D projective coordinate C <i: -5 S Ti^ U T 4b" 
<Ci*<T^^o Z(Dm^, If] l^.^.^a-Tr^- ^ o T ^i. S/x^g 
15 life J:oTi«i?UTfc < Z tib<^mttS.^o '^iJ;i(±'T[10][00]<i: 
T[ll][01]l^*(C.^S;2R^at-T'-^/i)-«i*#$nTl^^;6-<, t> 2 

n^'ns/j: ^gil, -TT^dr^t.. T[io][oo] = [x. Y.z], 

T[11][01] = [X', Y', Z'](C C T X/Z2 = XVZ'2, Y/Z^ = Y'/Z'^ ^-/^/c^*) 

20 -i-'«-^7°n ^--^ A5002©||^T4'{::T[10][00]:6-<#BS$tl/>i^'^cb 

T[ll][01];!:>-«#M$n/c^'^i T-. C i (C «9 . ^©i^ 

^^TC;&^7i)^^Bf Pel. ^ ^ ^ © ?^ $ i: C>' '/^ S « Sft ^ S /j; 

^ C iC T'.i -5 c 

25 m 2 ©^Mi?'J{C.c&aia^^7°a ^-5 A8001^-«iaijn$nTl^^o 
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:^ ft^7°a i^''^ A5001C ck o T, projective coordinate T^^tl/cx 
^ ioOif^o •T'ti^t). 2 ^Tcaffineigtltr J; o T(x, y) 

5003^lt^^ ^ projective coordinate o Tft^-^^fO^. ^ 

10 CDrfi^W^^ projective coordinate © ^ ^ 7^— ^'^Uf^— ^ 5003(1 '(^# U 
T ^5 ckl^o A 8001(^7" -7' ^Uf'- ft^7°n ^ A 

5001©^^f S:^fiT--y;U-f'-i' 5003;6-<#BS^n^ ^ T^PbI® 

. 5002©^fr^(::*iJ«9iAt:?^T-^^T$nT*> J;t^o 

mdmit, m 8 a ^"5 A8001O7 o - ^^fo 

20 . Xt^ 7°9001 : (i 1:^6 

XT- -V 7°9002 : i = 00 tT ^ 
XT- -y 7°9003 : j = 00 tir ^ 
Xt^ -y 7°9004 : [x. y. z] = T[i][j] ^U^ii^tS 

Xr- y 7°9005 : SLg$Ck<^ ^^"T ^ ( 0 < k < p tt^o P iitfRffl^c©^ 

25 a$n^ WP^1*®i4i^C) 

X7^-y7°9006: [x, y, z] = [k^ x (mod p), k^ y (mod p), k z (mod p)] 
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X-r -y 7^9007 : T[i][j] = [x, y, z] ^ 

y 7°9008 : j = j ^ 1 tt^ifzi-^i^ j 2 jg ?i T SIB ^ n T t - ^ 

5 XT- y 7°9009 : j ^ 1 1( 2 X 7^ -y 7^9005^ 

Xt^ -y 7^9010 : j = 00 i g" ^ 

XT- -y 7°9011 ; i = i + 1 c!: f ( /c f i U i 2 it-^T^fS $ C ^ ^ 

-y 7°9012 : i ^ 1 1 ( 2 it feaiB ) X y T^gOOS'x 
10 Xt^ -y ■7°9013 : fe^ «9 

.^K^M1?'J(C^oC^T(i. il^'^.i^'f ^ >i>'"T.^S:a5l^g^7°n A8001 
^^tf C ifl «9 , m^.-s-.^aTM^^T^-^. if'J^(i'T[10][00] 
<tT[ii][01](i, ^ni: aaJJc: ^ Ti*#$ c (c/j: «9 , ^/c. 1^ L; 

#PS M tf P3 ffl Bf-^m^ 7°^a ^ A 5002® ^^T *^ ;6^ ^ Bf TbI ^ ^ ^ ^ ^ 
TACTiming Attack), DPA(Dif f erential Power Analysis)''^ i:'® 

if%mm\-:.ii6\.^X\i, .*;^Il^j^7°D ^""t A800HC o T, -r-y^U 
t'- ^ 5003tr't-^nai--^T®.^.1tfR©^^^tTo /c;^)^ -r-^T^.^^.T- 

t>ckc>o T--7-;l/#,BSiyffiRffl^Bf-^m^y o ^J'-^ i.5002C>r=t-r ^ 



2 5 

TACTiming Attack)^DPA(Dif f erential Power Analysis)^0?+Il <!: UT 

4^^JSi?iJ(Cfcl.^T(i, RfflliBf^® — flT^ ^ Elliptic Curve 
5 Encryption Scheme (ECES) ® m^^b^fg ^ o /cIC* - K {C iSffl L ^'i 

Be. C tJ5 'S) o 

ck ^5 d,1007<i:dBl008®?*n(Cfc{j- ^M;6-<liJ^lid©m U 

<fS.^J:o {-Sm$nTO>fCo t /c, ^1 ®^M^iJtcfcC>T(i, . dJ007 
<^rdBl008(±. 0}iL±n^m(D'^t\^Tm.^^^tiXl^fZo t< >h ti 

T d (Dm.ib<m^l,^tlTl^X ^ ^l^o ■rUt)^B.m(K B„.,,,,,B,,Bo)(i, 
20 gl[ 2" B„ + 2"-' B„., + ,,, + 2' B, + 2" Bo ^ ^ ® i "T ^ o ZZT, 

Bi(i. 1.0,-1 ©i^-rti}6^T-*^ i-r^o zcommtm-no:> 2m^^%<D^ 

gfifcni: -p Tt^^o -r^dr^bt), c®^ii;5'-feT, B^^ 0 i ® t!)^ 
/cij-T^a J:9 C$iJPIU/c^©/&-«ii'^©2ji^lET^^o ^Xfc, 1,0,-1 
^/ ±Tami-^ /ci6tr (i, 2 f y o T, OOni: i^jO, Oinj: ^ 

25 1, iKx^-i^^-r, "^n^o 
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mmm^^^WidAooi tmmm^^mmnm^(Di}s.(Ditt> ^ i, o. -i 

5 XT- T'lOOOl : Dto 

7^10002 : r'- ^ ^§^^^SP1004;&^ i^lii-^Mtf fN_rep^f^^iAt.^ 
Xt^ -y 7°1G003 : SL^K. ^jjJc-T ^ ( - C T 0 < K < L < |d_rep| <i: "T 
^ o /c U I d_rep | d_rep£D \£ -j H ft ) 

X 7" -y 7^10004 : ^i^-^^tff^Sd.repOl^L+l f-y h gO'fEBL,,^ = 6^,, ^ 

10 1 t-t^ 

XT- -y 7^10005 : K < i flht^XO:) i {C?+L, ®^^tra^d_rep 

©l^if-y h g©mBi^ Bi = Bi . , ch-r^ 

X7^-y ^10006: M^$i1t^5d_rep®^Kf-y hg®MBK<& B^ = B, - 2 L 

15 X7^ -y 7°10007 : Iif^^li1tf5d_rep©# f >y h 1,0,-1 (DX^^-fM-^X ^ 
nii'XT^ -y 7°10013'-^ 
X 7^ >y 7^10008 : j = |d_rep| ft ^ 

XT- -y 7°10009 : d_rep0^j f >y h g (DmB,.;6'«2T ^ B,,, = B^,, + 1. 

Bj = 0 i-r^ 

20 XT- -y -I/IOOIO : d_rep0^j f -y h g ©MB,.*-? -2T ^> o /ci^> B^,, = B,-,, - 
1, B^ = 0 t-t^ 

7.^ -J 7^10011 : j = j - 1 <t-r ^ 

X -r -y 7^10012 : j > 0 '^.i '^p X 7^ -y 7°10007-\ 

X7^ -y ^10013 : T^- ^t^,^$|31004C:gff $n/cM-^^Mtff |gd_rep^»^ 
25 ^ht2 

Xt^ -y 7"10014 : ^t) >0 
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Xt^ -V 7°1 1006 : d_repl©mi f -y h @ Bj;&-< 1 T^j: <i X 7^ -y 7°3009-\ 
Xt^ -y yilOOT : d_repl®^i f >y h @ Bi;6< -1 t^jT X 7^ -y 7°30 10-^ 



10 :$:^Mf'JT(i, 1.0,-1 ®3lEC^'c!:LT d ® '(a7:J^'a?S $ n T C ^ /c , III 
Itfr 2 ii^ia®lct5i^i^ o T. m^\t, 2,1,0,-1 ©jtO'ctUT d 
^S?^UT^J:C^o t/c, t. t-1,,, 0, -1.., -s (s, t ^ 0)®^<>*i 

^ ©T^njf, 'ii^^" U t>iS.^ UT < 0;i)^©^®3t<:>' UT d ® 

15 ji^aiEUT*>=tt^o 

^)-2>0^{it/c, i^>^MtfffEd®fil©^iJ0^?Ei UT. a t!?-^' d i ^ U < ''j: 

H 2fl ^?'J f I { j- -5 lif m ^ $U ^ -If IS d , 1 0 0 7 i IK ^ ^ ^ 1 1 fS d B 1 0 0 8 O li. ® ft 
^J^f-, dm, X dma (mod n) *<|k:-Siitf fSd©11 U < ''ci: ^ ct -5 t^J: 2 
20 o©^®iadin,idinB;i)-<7='-^t^l^^gI51004fC{^^^nTl>a d: C UT 
J;l^o fe'i>('M±, »/&-<di^ L < T^j:^ J: -9 ^cC 3 ojg^ JbO^OMfC J; o 

i5^»Mm;^^"lii-^^MttfSdci:7^j:^ J; /j: © © m C J; oT^ia^nx 
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aiJi^^ 7° n ^ A ( II am ) 
5 Xt^ -y 7"12001 : (i l;J6 

Xt^ >y 7°12002 : OJ; «9 < nT^/^OSL^k^^SJct" ^ 

Xt^ >y ^12003 : f"- rJ^t^,Trt^lO04;&^ 'idm.fc cbJ>'dmB^a^iAtr 

X 7^ 7 7°12004 : dm/ = k dra^ (mod n) isJiZ/ dnig' = k^' doiR (mod n) ^ 

10 XT- y. 7°12005:din/ :}o J: O'dmB* ^ ^ tl ^'tl T"' - ^ IS ^rt 1 004 4' ® dm,i5 J; 
Xt" -y ^12006 : fct) ^9 

15 Rffl^Bf -^m-^yp ^J'"'^ A(aaJS)(tEJ£llI§) 
7 ^13001 : i;J6 

Xt^ 7 :7°13002 : ICt^ - K 1 001 © H .^?.R10 13^ fI<J5^ t,- 

Xr- -y 7°13003 : ^ t^|^^1004;6M^dm,*J J; O'dniB^flc^iAt; 

Xt^ -y 7°13004 : Q = dm, R ^If^-T ^ 
20 Xt^ <y ■T'lSOOS : Q = drag Q ^ft^l-T^ 

XT- -y 7°13006 : QCDxJitlxQ^m-§-m*ii$li UTt±i;tf-r ^ 

Xt^ >y 7°13007 : 0 

flis. ±iBXT- -y 7''13004:fo J;a'13005Hfe{j-^ffiRffl?a±®.^?.®^^ 



2 9 

10 T:fc#, C n n iUcDtf fg^^>^1t$S®am i UT io <J: t,^o 

:$:^[Shamir] Adi Shamir, "How to Share a Secret", Communications of 
the ACM vol. 22, no. 11. pp. 612-613, 1979 

{CM $ n T 0 ^ ^ o 

0 KT^ C tt^'^n^t-^X <0 , TACTiming Attack), DPA(Dif f erential Power 
Analysis), SPACSimple Power Analysis)^ (C ck-^TliJ^MC'fS^Ji^^ 

20 :^mmmi'i6l^Xit, Rffi^^St-^-© — «T-^^ Elliptic Curve 

Encryption Scheme (ECES) ©m^Yk^t^^^ o /cIC^ - K Cilffi U /cl^ij 
U/C7!)^^ ^ 1 © ^JSi?'J ^. «in ^1- t> < il ffl ^ 

It T S> o 

25 • :ii 5 ommm 
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-4^^m'^,mp^^'^^mm[^fzf' ^ jim^yj^T^^ ecdsa 



5 l^Tl^QJ-r^o ■ ECDSA^ig {ro^,^T{i. |iJlB3JC^[IEEEP1 3633©ftfe, 

3tiic[X9. 62] "Working Draft AMERICAN NATIONAL STANDARD X9. 62- 1998 
Public Key Cryptography For The Financial Services Industry: The 
Elliptic Curve Digital Signature Algorithm (ECDSA)", American 
National Standards Institute, September 20, 1998 

10 izm^jk^ nxi^h o 

mi omit. :^mmmiz^ii hicti- Y^'om^m-c-^ho mi(DmiM 
15 m^z^\-y hiQ-ti- vo:>mi^m-vhh^imto:>mm..^At., miom^z^t 

tf Rffi^Bf -^^-^y D i^^'^ A1011<i:*ia^Hg-^m#7°a A10127&-</=}: 
C^C: ch. ^ 1 0 il}C{iECDSA^iS^Jj5c.7°a A14001;6-<^^ C t,Kti- 

tS fg d , 1 0 0 7 i ?g ® ^ It IB d B 1 0 0 8 ® ^fi ^ 1- tf f B R ffl Bt ^ ^ 

ECDSAgiS^^7°a ^ A 14001(10 l^TlJ&B^f ^ o 
ECDSAgiS^S5c7°D AHOOKl, ICt^- KlOOlon^;!)^ "^^^ ^=t^ 

^ -y-i?- >^i4002^A;t? u, tfz, f'-^^^'^^iooAt^'humm^^mn 

25 d,1007fc J^O'lil-SM^P^tf fgdBlOOS^Ay: U, ^ v ^ 14003^ ft 
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^^^f "5 nfoaiai^g^^a ^^7-5 A1011fcctC^*ECDSAg:S^J^£7°□ ^"5 A 
14001C J; -5»:$:fl^/j:iljfP®?iftn^^ <ti6^<t2)^®ct-^(inj:^o 

t t£ < -r ^ -l^^ 14003^ It» L. IC;^- KlOOlonSlJfC iiJ^Jl" ^ o 

{C£fc}il-r a C ir^^j: < "f^ ;u§ig 14003^^^1" a C i T * ^ © T , 
15 TACTiming Attack), DPA(Dif f erential Power Analysis), SPA(Simple 
Power Analysis)#(Cck o T^i«^M©1iI^li^-r ^ - ci: EH /j: -o X 

20 n^fzo^iz, ^mm.xh^mmmw;^mWid,imtmmm^^mn 

dBl008*-< f"- ^ l&trt 1004^6^ <^> ^< X 1003^ U T ^t^^SgP 1002(r ® H] 
^Mtl^Z tlZfli^ , tfz, ECDSAgig^^7°D AHOOUi. ©Hl^l: 

is^^oTft#^^T9 c i T^ci ^ 26 . c ®rB^oit^B#rB^-^^^-r ^« 
mm<D^^^^mmn-ik^ z om'Z^ntzmizi^^i- zoz 

25 TAdiming Attack), DPA(Diff erential Power Analysis), SPACSimple 
Power Analysis)^{C J; o rmmm^^i^mWom^m^^ tl^^n^^^< 
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5 Sl35>1tr^dBlOO80m;O<^iJ®<i{C« ^^^^ f'- ^ 1004;^^ 

7 A 1 4 0 0 1 ^ ^- ^0; S ^il 1 0 0 2 T ^ L B# ® 8f PbI ^ IS ^ 1" ^ m ril i& © 3^ 
^^i^i^a»ft^-^i^/j: ^ /c^jOiT^dT-Ex, cntrj;^). TAdiming Attack). 
DPACDifferential Power Analysis), SPACSimple Power Analysis)^- fC 

a?a^^7°n iJ'""^ AlOlOJi. ECDSASig^tl^7°n iJ'-^ A 14001^-<|I^T^ 
illlj fC^E^^T^ nx ci; (/^ U, ECDSAg^^^:/ D i^-^ A 14001;iJ-i 

^ A 14001;6-<'f5r[l];6^llfT^ n^Sfr^^T^ tlT J; C^o * ^ O^ii^ /c 
15 ECDSA^^g^^7°n A 14001O^^Ti(iMg|#tr, ^ > A /j: ^ ^ 
>/7-{r^tT^nT J: t^o ECDSA^ig^^y n A 1400UC^-r8 
TAdiming Attack)^ DPACDifferential Power Analysis)^ O^t^ i UT 
(i. gm^^^a^>"5 i-1010®^^Ti^>S/:)-^"^l^{39 tD-^'M^ Ul^o 
ECDS A^ ^ ^ fi)c 7° o ^ A 1 4 0 0 1 0 1^ Jiffl o I ^ T 0^ 1" ^ o 
20 ^limi. 1^ 1 0 lEl{C4b-lt6ECDSAg-^^^7°D:5'"5 A 14001®7 
□ — ^TT^-to 

y ^15001 : \t 1;^?!) 
XX >y 7°15002 : IC^ - K 1001©^'i-^7&^ ^>?«3tt^^ -y-fe - >^ 14002^1^ 

25 -y T^ISOOS : m^t^^/ 7 - v^' 14002^^^ v ■> ^ m'^O:) Xti t U 
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Xt^ -y 7°15004 : - ^ l^lrt 10047&^ t> ^-S'll §E^1t ?lid,l 007^- J; O'ltJ-S^ 

Xt^ y 7*15005 : k ^^Jj^f ^ (0 < k < n i: "T ^ ) 

Xt^ >y 7*15006 : (x, y) = k P ^It^l"^ 

5 X 7^ -y 7°15007 : r = X (mod n) iT^ 

X 7^ -y 7°15008 : s, = k-' (d, r + h) (mod n) ^tt^-T^ 

X f- -y 7°15009 : Sb = k"' (de r I h) (mod n) ^tf^-i'^ 

;^ X -y 7*15010 : s = - Sb (mod n) ^It^f ^ 

7^7" -y 7*15011 : (r, s) ^ ^ 'J ^ JVm^ t{.X\i^1l-r h 

10 7.^ y 7*15012 : H ^ K) 

z zv-\tfm^^<i:v^t, mmmdcDm^tiBM. f ng^-^, d, - (mod 

n) {±C ®ECDSAgiS^^7*n A 14001^(C — S t?in''<i:i/^;6-<, m^t 
.Lxm^htlfz s It, 
s = Sa - Sb (mod n) 
15 = k-' (djj r I h) - k"' (dg r f h) (mod n) 
= k"' (d r f h) (mod n) 
^•mfcirfzi!b,U'^^md^-Dt^'?XM1rM Ltz(D tm ^ ^# <hnxi^^^ 

m^\,t, — Hd=d,-dBc!:t^7 lt»{' cfc T>1^^6/cd©m^iS o TECDSA^ig 

$^>{C, ^ 1 CD^JS^iJ i llJIifC, a?i^^7*a AlOlOfr =t o T, 
25 fi2>Slid©aJl-c ^) aiil-^ll^^tf fl5d,1007:fD J;C>'MSIi^53^1f fg 

dBl008Om<^^M-r ^ C i (I ck «:) . ECDSAgjg^^7'a A 14001. J; 
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^ i¥ U < {^:, ECDSAl-iS/±^7°D ^^7-^ A 14001©X7^ -y 7°150084' ® ^ttt^- 
U TTACTiming Attack), DPACDif ferential Power Analysis) i:" 

y ^m^lCti - K1001©l^a5T. ECDSA^-ig^^7°n A 14001© 
;^7^ y -ri5003i:>!^^fz^<, Z (D^m^tlCti - KlOOl^tt fgo^ O'^Kiti^ 
10 -S^I-gPC^a, fiJx.(S", IC;^ - KlOOl i ICt^ - K U - ^"'^ ^ ^ii 

:$:^^Sif|J^:::fot^T, ECDSA^-^^^7°P iJ'"^ A 14001® Xt^ -y 7°15005 

15 ;L/^rS(r, s), lii'^ild. SL^k, /^ >v v a. i?, ® Pb^ . s = k"' (d r I 
h) (mod n) cir C ^ "5 M # ^ ^ , Cin ^> ® 9 . r, s, h(ifi i> t^j-^^ ^ C <t 

^iZ J: -0 T "^d-^^ r> X ly t O <h X- ^ ^ o 

/■i/fU. 5|ii®ild®1ji;i)-< — ^T^^®(C>!^U, SL^k(i§=S <|- ^jjic-T ^ 
20 fzZfC^tiZ'yy^A^Z^f^^tl^.'^.XM-^l^fz}}^, TA(Timing Attack), 
DPACDifferential Power knalysis^fl^O^^^lC^-^XUt-^t^^^il^ 

COZ. t X h ^ o 
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^ Z tjb^T^ 6o t^l^-^. tt'. m 2 (DmmmiCis^i ^T■-y'J\^f'- 
5 iz. ^iJx.(i'IC7t7- KIOOIOH^T. ft^ UT4o < C i;:)-<^tgT^ ^ o 

iJ-S£g^7°a A}r J: «9 S£^-r ^ ©^ECDSA^^ ^^7° a ^- ^ A 
14001©X-r -y 7° 15006 (C :fo fj- ;S (x, y)^, H 2 O ^M^^iJ C :fe { j" ^ t^- 
10 #BSSi!^f Rffl^.^Bt-§-m-^7°a A5002c!:Il]|||C UTlt»:i-'5o ECDSA 
g-iS^l£;-7°n 5 A 14001® XT- -y 7°150084o J: O'X -y 7°15009-c{£ 9 

(mod n) ^lt#1-^o t-' k,-' ke"' (mod n) ^lt'#^€)o cn*-< k"' 

15 >! C T# C© k-i <&^to^?S»4'(C. k BMOiUltrnti 

o TTAdiming Attack). DPA(Differential Power Analysis)?'^: <i:"(t J: 
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f{g') ^tf%-t ^mm:f)<h^n-, C (7)|ga(C>r^t-^TA(Tiining Attack), 
DPA(Dif f erential Power Analysis), SPACSimple Power Analysis)^ 

5 gtm^-^n^'^t'^mt, j^ti\t, m^\f, di<D x^ ^z\^x 

t-f g = gl • g2 ( • (it$Gl©?$^^g-r)c!: nj: ^ glchg2 (Dm.iZXK) g 

5 ^cjS^/iG105t;h^CO(,^T, gr=h-gl. g2' =h-' • g2 Ch ' 

10 (ilf-Gl©z^»: • fCMf ^h©it7r;^ai-)^It^ U. gl ^gl' -cg2^g2' T 

M^ikiC, f(g)©m^^#^/ci6C, f(gl)#f(g2) (#(iS$G20?S»:^S-r) 

;^ft»:t-^o firm\^m^mfz7b^ f(gi)#f(g2)(if(g)(r^ ui^o 

T'j: 5 © ''i: -5 o ZtliZ J: 0 , TACTiming Attack), DPACDiff erential 
Power Analysis), SPACSimple Power Analysis)!! J: o T^iJ^M©-®^ 

20 
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-y h 9 - ^ 16001 {c. -m^M^V^ ^ti- K'1^;u^"'cD 
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